PeopleReady December 2021 Security Update
At PeopleReady and TrueBlue, protecting our clients, associates and tradespeople from online security risks is a critical part of our work. Our Cybersecurity Team consistently stays ahead of security issues and addresses any threats as quickly as possible.
Apache Log4j Vulnerability (CVE-2021-44228):
Recently, a widespread vulnerability was identified in software (Apache Log4j) commonly used by many businesses. This vulnerability has exposed some of the world’s most popular applications and services to a potential cyberattack.
Our TrueBlue Cybersecurity Team responded to this vulnerability immediately, and all internal systems which were vulnerable to the Log4j vulnerability have been remediated. We are working closely with our vendor partners to ensure remediation of their tools and environments, ensuring the security of our network and telephony infrastructure, identity and access management tools, backup solutions, and our entire security suite of tools.
There are no indicators of compromise (IOCs) in our environment or through any third-party access to our environment. We continue to actively monitor our environment with active vulnerability scanning and automated endpoint detection and response (EDR).
Kronos Ransomware Attack:
HR management company Ultimate Kronos Group (UKG) was recently hit by a ransomware attack. While PeopleReady and TrueBlue do not utilize the Kronos tool directly for HR or payroll processes, we do have some clients that are connected to Kronos.
To protect our assets, we have disabled internet connectivity to the Kronos platforms out of an abundance of caution. For the near term, all connections and downloads from their systems will remain disabled until we can independently verify that they pose no threat to our systems and assets. We will continue to actively monitor for vulnerabilities and use automated endpoint detection and response (EDR).
PeopleReady, a TrueBlue company (NYSE: TBI), specializes in quick and reliable on-demand labor and highly skilled workers. PeopleReady supports a wide range of industries, including construction, manufacturing and logistics, waste and recycling, and hospitality. Leveraging its game-changing JobStack staffing app and presence in more than 600 markets throughout North America, PeopleReady served approximately 83,000 businesses and put approximately 226,000 people to work in 2022.